| -rw-r--r-- | .github/dependabot.yml | 6 | ||||
| -rw-r--r-- | .github/workflows/autobot.yaml | 26 | ||||
| -rw-r--r-- | .github/workflows/ci.yaml | 65 | ||||
| -rw-r--r-- | .github/workflows/update-inputs.yaml | 5 | ||||
| -rw-r--r-- | .github/workflows/update-lock.yaml | 20 | ||||
| -rw-r--r-- | .github/workflows/update-nixpkgs.yaml | 5 | ||||
| -rw-r--r-- | README.md | 5 | ||||
| -rw-r--r-- | flake.nix | 4 | ||||
| -rw-r--r-- | garnix.yaml | 10 | ||||
| -rw-r--r-- | modules/shared/base/nix.nix | 4 | ||||
| -rw-r--r-- | parts/ci.nix | 51 |
11 files changed, 110 insertions, 91 deletions
diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 1d662ce..4c39a33 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,8 +1,8 @@ version: 2 updates: - - package-ecosystem: "github-actions" # See documentation for possible values - directory: "/" # Location of package manifests + - package-ecosystem: "github-actions" + directory: "/" schedule: interval: "weekly" commit-message: - prefix: "actions" + prefix: "ci" diff --git a/.github/workflows/autobot.yaml b/.github/workflows/autobot.yaml deleted file mode 100644 index 760d835..0000000 --- a/.github/workflows/autobot.yaml +++ /dev/null @@ -1,26 +0,0 @@ -name: Auto-merge Dependabot - -on: pull_request - -jobs: - automerge: - name: Check and auto-merge - runs-on: ubuntu-latest - - permissions: - contents: write - pull-requests: write - - if: github.actor == 'dependabot[bot]' - steps: - - uses: dependabot/fetch-metadata@v2 - id: metadata - with: - github-token: ${{ github.token }} - - - name: Enable auto-merge - if: steps.metadata.outputs.update-type == 'version-update:semver-patch' - run: gh pr merge --auto --rebase "$PR" - env: - GH_TOKEN: ${{ github.token }} - PR: ${{ github.event.pull_request.html_url }} diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 0000000..63a8080 --- /dev/null +++ b/.github/workflows/ci.yaml 
@@ -0,0 +1,65 @@ +name: CI + +on: + push: + branches: [main] + pull_request: + workflow_dispatch: + +jobs: + build: + name: Build outputs (${{ matrix.system }}) + + strategy: + matrix: + include: + - system: x86_64-linux + os: ubuntu-latest + + runs-on: ${{ matrix.os }} + + steps: + # https://github.com/actions/runner-images/issues/2840#issuecomment-790492173 + - name: Clear disk space + run: | + sudo rm -rf /usr/share/dotnet + sudo rm -rf /opt/ghc + sudo rm -rf "/usr/local/share/boost" + sudo rm -rf "$AGENT_TOOLSDIRECTORY" + + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Install Nix + uses: cachix/install-nix-action@v27 + + - name: Setup Cachix + uses: cachix/cachix-action@v15 + with: + name: getchoo + authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} + + - name: Run build + env: + SYSTEM: ${{ matrix.system }} + run: | + nix run \ + github:Mic92/nix-fast-build -- \ + --no-nom \ + --skip-cached \ + --systems "$SYSTEM" \ + --option allow-import-from-derivation false \ + --flake '.#hydraJobs' + + build-gate: + name: Build gate + + if: ${{ always() }} + needs: build + + runs-on: ubuntu-latest + + steps: + - name: Exit with error + if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') + run: exit 1 diff --git a/.github/workflows/update-inputs.yaml b/.github/workflows/update-inputs.yaml index 9e08a76..bd106a3 100644 --- a/.github/workflows/update-inputs.yaml +++ b/.github/workflows/update-inputs.yaml @@ -8,10 +8,7 @@ on: jobs: update: - permissions: - contents: write - pull-requests: write - uses: ./.github/workflows/update-lock.yaml with: commit-msg: "flake: update all inputs" + secrets: inherit diff --git a/.github/workflows/update-lock.yaml b/.github/workflows/update-lock.yaml index 109d860..d042e9a 100644 --- a/.github/workflows/update-lock.yaml +++ b/.github/workflows/update-lock.yaml 
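Review bot: The `Run build` step calls `nix run github:Mic92/nix-fast-build` with no revision, so every run executes whatever that repository's default branch holds at the time, in a job where the Cachix step has already been given `CACHIX_AUTH_TOKEN` for the `getchoo` cache. Pinning the reference, e.g. `github:Mic92/nix-fast-build/<COMMIT_SHA_PLACEHOLDER> -- \`, or running it from an input locked in flake.lock, would put the build tool under the same lockfile review as the rest of the flake. The workflow also declares no `permissions:`, so `GITHUB_TOKEN` gets the repository default; a top-level `permissions:` with `contents: read` looks sufficient for these steps. Because `pull_request` runs from same-repository branches receive the secret as well, consider `skipPush: ${{ github.event_name == 'pull_request' }}` on the Cachix step so that only `main` builds populate the cache the hosts trust.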
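Review bot: `secrets: inherit` on the `update` job makes every secret of the calling workflow available to `update-lock.yaml`, although that workflow declares only `MERGE_TOKEN`. Passing it explicitly keeps the exposure to the one credential that is needed: `secrets:` followed by `MERGE_TOKEN: ${{ secrets.MERGE_TOKEN }}`. The same line is added in `update-nixpkgs.yaml` and would take the same change. The trigger and the rest of this file lie outside the hunk.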
@@ -4,26 +4,28 @@ on: workflow_call: inputs: commit-msg: - description: summary for lockfile commit + description: "Summary for lockfile commit" required: true type: string inputs: - description: flake inputs to update + description: "Flake inputs to update" required: false default: "" type: string + secrets: + MERGE_TOKEN: + description: PAT to create and merge PR + required: true jobs: update: name: Update & make PR - runs-on: ubuntu-latest - permissions: - contents: write - pull-requests: write + runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - name: Checkout repository + uses: actions/checkout@v4 - name: Install Nix uses: DeterminateSystems/nix-installer-action@v11 @@ -35,11 +37,11 @@ jobs: commit-msg: ${{ inputs.commit-msg }} inputs: ${{ inputs.inputs }} pr-title: ${{ inputs.commit-msg }} - token: ${{ github.token }} + token: ${{ secrets.MERGE_TOKEN }} - name: Enable auto-merge shell: bash run: gh pr merge --auto --rebase "$PR_ID" env: - GH_TOKEN: ${{ github.token }} + GH_TOKEN: ${{ secrets.MERGE_TOKEN }} PR_ID: ${{ steps.update.outputs.pull-request-number }} diff --git a/.github/workflows/update-nixpkgs.yaml b/.github/workflows/update-nixpkgs.yaml index 2fd0ec5..db6bf63 100644 --- a/.github/workflows/update-nixpkgs.yaml +++ b/.github/workflows/update-nixpkgs.yaml @@ -8,11 +8,8 @@ on: jobs: update: - permissions: - contents: write - pull-requests: write - uses: ./.github/workflows/update-lock.yaml with: commit-msg: "flake: update nixpkgs" inputs: "nixpkgs nixpkgs-stable" + secrets: inherit @@ -2,7 +2,7 @@ [](https://neovim.io/) [](https://nixos.org/) -[](https://garnix.io) +[](https://github.com/getchoo/flake/actions/workflows/ci.yaml) greasy taco i love 
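Review bot: The first hunk removes the `permissions:` block from the `update` job without a replacement, so `GITHUB_TOKEN` falls back to the repository default even though the writes now go through `secrets.MERGE_TOKEN`; an explicit `permissions:` with `contents: read` would keep the automatic token minimal. In the second hunk the PAT is passed as `token:` to the update step, whose `uses:` line sits between the two hunks and is not visible here, so it is worth confirming that the action is pinned to a commit and that the PAT is fine-grained to this repository with only contents and pull-request write access. PRs opened with that PAT are then handed to `gh pr merge --auto`, which waits only for checks that branch protection marks as required; `Build gate` from ci.yaml presumably has to be one of them, otherwise lockfile updates can merge unbuilt.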
@@ -32,7 +32,8 @@ there are some amazing tools i use to make/manage this flake that i would highly - [home-manager](https://github.com/nix-community/home-manager) - [agenix](https://github.com/ryantm/agenix) -- [garnix](https://garnix.io) +- [cachix](https://www.cachix.org/) +- [nix-fast-build](https://github.com/Mic92/nix-fast-build) - [nixinate](https://github.com/MatthewCroughan/nixinate) - [flake-parts](https://github.com/hercules-ci/flake-parts) - [terranix](https://github.com/terranix/terranix) @@ -2,8 +2,8 @@ description = "getchoo's flake for system configurations"; nixConfig = { - extra-substituters = ["https://cache.garnix.io"]; - extra-trusted-public-keys = ["cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="]; + extra-substituters = ["https://getchoo.cachix.org"]; + extra-trusted-public-keys = ["getchoo.cachix.org-1:ftdbAUJVNaFonM0obRGgR5+nUmdLMM+AOvDOSx0z5tE="]; }; outputs = inputs: let diff --git a/garnix.yaml b/garnix.yaml deleted file mode 100644 index bfe29de..0000000 --- a/garnix.yaml +++ /dev/null @@ -1,10 +0,0 @@ -builds: - exclude: - - "*.x86_64-darwin.*" - - "*.aarch64-darwin.*" - include: - - "checks.*.*" - - "devShells.*.*" - - "nixosConfigurations.*" - - "homeConfigurations.*" - - "packages.*.*" diff --git a/modules/shared/base/nix.nix b/modules/shared/base/nix.nix index 29b817f..2575a05 100644 --- a/modules/shared/base/nix.nix +++ b/modules/shared/base/nix.nix @@ -24,8 +24,8 @@ in { auto-optimise-store = pkgs.stdenv.isLinux; experimental-features = ["nix-command" "flakes" "auto-allocate-uids" "repl-flake"]; - trusted-substituters = ["https://cache.garnix.io"]; - trusted-public-keys = ["cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="]; + trusted-substituters = ["https://getchoo.cachix.org"]; + trusted-public-keys = ["getchoo.cachix.org-1:ftdbAUJVNaFonM0obRGgR5+nUmdLMM+AOvDOSx0z5tE="]; nix-path = config.nix.nixPath; }; diff --git a/parts/ci.nix b/parts/ci.nix index 5ddc81c..ba26af5 100644 --- a/parts/ci.nix 
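Review bot: The new `extra-trusted-public-keys` entry in the flake's `nixConfig` and the matching `trusted-public-keys` entry in `modules/shared/base/nix.nix` carry no comment about what fills the cache they trust. Every host using the module, and every user who accepts the flake config, will accept any store path signed for `getchoo.cachix.org`, and after this commit that cache is populated by the CI job holding `CACHIX_AUTH_TOKEN`. A short comment on both lines would record this for whoever rotates the key, e.g. `# cache is pushed to by .github/workflows/ci.yaml; rotate together with CACHIX_AUTH_TOKEN`. The key is duplicated in the two files, so a rotation has to touch both.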
+++ b/parts/ci.nix @@ -1,34 +1,27 @@ -{self, ...}: { - perSystem = { - lib, +{ + lib, + self, + withSystem, + ... +}: let + ciSystem = "x86_64-linux"; + derivFromCfg = deriv: deriv.config.system.build.toplevel or deriv.activationPackage; + mapCfgsToDerivs = lib.mapAttrs (lib.const derivFromCfg); +in { + flake.hydraJobs = withSystem ciSystem ({ pkgs, - system, self', ... }: { - packages = { - ciGate = let - toTopLevel = cfg: cfg.config.system.build.toplevel or cfg.activationPackage; - isCompatible = cfg: cfg.pkgs.system == system; - - configurations = - map - (type: - lib.mapAttrs (lib.const toTopLevel) - (lib.filterAttrs (lib.const isCompatible) self.${type})) - [ - "nixosConfigurations" - "darwinConfigurations" - "homeConfigurations" - ]; - - required = lib.concatMap lib.attrValues ( - lib.flatten [self'.checks self'.devShells configurations] - ); - in - pkgs.writeText "ci-gate" ( - lib.concatMapStringsSep "\n" toString required - ); - }; - }; + inherit (self') checks; + inherit (self') devShells; + darwinConfigurations = mapCfgsToDerivs self.darwinConfigurations; + homeConfigurations = mapCfgsToDerivs self.homeConfigurations; + nixosConfigurations = + mapCfgsToDerivs self.nixosConfigurations + // { + # please add aarch64 runners github...please... + atlas = lib.deepSeq (derivFromCfg self.nixosConfigurations.atlas).drvPath pkgs.emptyFile; + }; + }); } |
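Review bot: The `atlas` override in `nixosConfigurations` is explained only by the remark about aarch64 runners, which does not say what the job now checks. As written, `lib.deepSeq (derivFromCfg self.nixosConfigurations.atlas).drvPath pkgs.emptyFile` forces evaluation of the system's derivation path and then yields an empty file, so CI never builds that configuration and nothing for it reaches the cache. A comment such as `# evaluation-only: atlas is not built or cached by CI, only checked to evaluate` would keep the gate from being read as build coverage for that host. Separately, the parameter of `derivFromCfg` is named `deriv` although it receives a configuration; `cfg`, as in the removed code, would read more accurately.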
